[New-bugs-announce] [issue42472] security hole in eval()
Chris Drake
report at bugs.python.org
Thu Nov 26 06:31:04 EST 2020
New submission from Chris Drake <cryptophoto at gmail.com>:
This should not work:-
python3.7 -c 'print(eval("().__class__.__base__.__subclasses__()[-1].__init__.__globals__",{"__builtins__": {}},{"__builtins__": {}}))'
and should be properly fixed.
----------
messages: 381892
nosy: cryptophoto
priority: normal
severity: normal
status: open
title: security hole in eval()
type: security
versions: Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue42472>
_______________________________________
More information about the New-bugs-announce
mailing list